From f3581ec9b2d48c6103c22fecb46f713217d834e8 Mon Sep 17 00:00:00 2001 From: dann frazier Date: Thu, 17 Aug 2006 00:24:25 +0000 Subject: move retired to the top level hierarchy so people can easily checkout just the active issues git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@548 e094ebfe-e918-0410-adfb-c712417f3574 --- retired/CVE-2004-0228 | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 retired/CVE-2004-0228 (limited to 'retired/CVE-2004-0228') diff --git a/retired/CVE-2004-0228 b/retired/CVE-2004-0228 new file mode 100644 index 00000000..4b6758bb --- /dev/null +++ b/retired/CVE-2004-0228 @@ -0,0 +1,33 @@ +Candidate: CVE-2004-0228 +References: + http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000852 + http://www.redhat.com/archives/fedora-announce-list/2004-April/msg00010.html + http://security.gentoo.org/glsa/glsa-200407-02.xml + http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:050 + http://www.novell.com/linux/security/advisories/2004_10_kernel.html + http://secunia.com/advisories/11429 + http://secunia.com/advisories/11464 + http://secunia.com/advisories/11486 + http://secunia.com/advisories/11491 + http://secunia.com/advisories/11683 + http://xforce.iss.net/xforce/xfdb/15951 +Description: + Integer signedness error in the cpufreq proc handler (cpufreq_procctl) in + Linux kernel 2.6 allows local users to gain privileges. +Notes: + jmm> 2.4 does not have cpufreq + jmm> In 2.6 the affected code has changed to drivers/cpufreq/cpufreq_userspace.c + jmm> I've verified that the isolated patch from + jmm> http://www.ultramonkey.org/bugs/cve-patch/CAN-2004-0228.patch + jmm> is included in 2.6.8 +Bugs: +upstream: +linux-2.6: N/A +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A -- cgit v1.2.3